US publishing and financial information firm Dow Jones is the latest high-profile company to admit being hit by a data breach, which security experts say goes hand in hand with fraud.
The firm said the breach is believed to be part of a broader campaign involving a number of other companies, and appeared to target contact information of current and former subscribers.
Dow Jones said payment card information may also have been accessed for fewer than 3,500 customers – but added there is no direct evidence the information was stolen.
Law enforcement officials informed the company of the breach in late July 2015. A subsequent investigation found unauthorised access had taken place between August 2012 and July 2015.
“To date, our extensive review has not uncovered any direct evidence that information was stolen, and we have taken steps to stop the unauthorised access,” Dow Jones chief executive William Lewis said in a letter to customers.
“We devote substantial resources to cyber security and we want to assure you that we are taking additional steps to further fortify our systems,” he said.
Lewis said Dow Jones would send a letter to all those affected by the breach with more information about the support the company is offering.
The company said customers should be on the lookout for suspicious emails and avoid calls or emails asking for personal information.
Fraud and data theft
Ken Westin, senior security analyst at Tripwire, said fraud is a key driver of data breaches. “The number of large data breaches we see every day proves the link between these two crimes,” he said.
According to Westin, the rise of underground markets, where hackers and fraudsters engage in commerce with one another, has created a black market economy that generates demand for personal information.
“The power of the internet continues to strengthen the links between these two types of crimes, allowing both to become more lucrative,” he said.
Westin said personal information is harvested from businesses that collect and store it, but the initial breach is usually just the beginning of a long fraud campaign that could last years.
“All financial services businesses are hot targets for cyber crime and fraud because their customers are more likely to be wealthy, and therefore be more lucrative targets,” he said.
The increasing number of high-profile data breaches is leading to fears that businesses lack the ability to detect cyber crime quickly enough, a recent survey found.
According to the survey, by endpoint protection specialist Bit9 + Carbon Black, consumers in Britain are increasingly concerned there are many data breaches companies have yet to discover.
The researchers surveyed more than 2,000 UK adults and found that high-profile security breaches – such as the leaking of the personal details of around 32 million members of cheating site Ashley Madison – have led to increased fear of data breaches among the public. The survey found 81% of people worry cyber criminals might already have stolen their personal data without anyone noticing.
According to PwC’s Global State of Information Security Survey 2016, UK companies are not yet on top of cyber security incidents or their causes.
Nearly 10% of UK companies do not know how many cyber security attacks they had in the past year and 14% do not know how they happened, the survey revealed.
Data breaches are becoming increasingly common among private companies and government organisations.
In recent months, breaches have been announced by Experian, Excellus BlueCross BlueShield, the Internal Revenue Service (IRS), the Office of Personnel Management (OPM) and Department of Energy in the US. Elsewhere breaches were reported by Carphone Warehouse in the UK and David Jones in Australia.